Ajax hits the terrible twos

Happy Birthday, AJAX! – Two Years Old Already
Yesterday marked the passing of two years since Jesse James Garrett posted online his seminal essay, ‘Ajax: A New Approach to Web Applications’ and then went offline, on a trip. What he came back to is now a part of Web 2.0 and Rich Internet Applications history: it was as if simply giving a handy name to the technique behind a new, richer web somehow catapulted it into being.

In other words, be disciplined about your approach to Ajax in application development – do things the same way each time. (This is also a good plug for using a mature framework, which encourages a routine.)

Offer limited choices

Just because you can doesn’t mean you should. Rather than ajaxifying everything in your web app, start small with a few incremental improvements and move out from there.

Learn to set limits . . . and don’t be surprised when your toddler tries to test these limits

Remember that your JavaScript is exposed to the client and can be tampered with – don’t trust anything that comes back from the client. Set limits, for example, on what HTML tags are allowed in user input, and don’t be surprised when users try to inject malicious JavaScript.

Don’t give in to tantrums

This one works for developers without any translation.

Begin to use time-out and taking away privileges

See “set limits” above. Don’t give client-side JavaScript any privileges it should not have – treat all client input as suspect. Err on the side of limiting functionality until you are sure it can be done securely.
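One way to apply both “set limits” and “taking away privileges” on the server, as an added example that is not part of the original post: escape everything the client sends, then restore only a short allowlist of attribute-free tags. The names `ALLOWED_TAGS`, `MAX_LENGTH` and `sanitizeComment` are hypothetical, and the code assumes it runs server-side (for instance under Node.js) before user input is stored or rendered.

```javascript
// Added example: server-side allowlist for user-submitted HTML.
// ALLOWED_TAGS, MAX_LENGTH and sanitizeComment are hypothetical names.
const ALLOWED_TAGS = new Set(['b', 'i', 'em', 'strong', 'p', 'br']);
const MAX_LENGTH = 2000; // assumed size limit for one comment

// Step 1: neutralise every character that has meaning in HTML.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Step 2: restore only bare tags on the allowlist. A tag carrying any
// attribute (onclick, style, href ...) never matches and stays escaped.
function sanitizeComment(input) {
  if (typeof input !== 'string' || input.length > MAX_LENGTH) {
    throw new RangeError('comment rejected: wrong type or too long');
  }
  return escapeHtml(input).replace(
    /&lt;(\/?)([a-zA-Z][a-zA-Z0-9]*)&gt;/g,
    (match, slash, name) => {
      const tag = name.toLowerCase();
      return ALLOWED_TAGS.has(tag) ? `<${slash}${tag}>` : match;
    }
  );
}

// Constructed sample inputs, as a tampered client might send them.
const SAMPLES = [
  '<b>hello</b>',
  '<script>alert(1)</script>',
  '<b onclick="x()">click</b>',
  '&lt;b&gt; already escaped by the client',
];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), '->', JSON.stringify(sanitizeComment(s)));
}
```

The filter does not check that the allowed tags are balanced; an unclosed `<b>` can affect layout but cannot carry script.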

Provide your toddler with a safe environment that is well childproofed

Make sure you have a development sandbox that lets you experiment with new functionality without impacting mainline production code.

Here’s hoping that Ajax gets through the terrible twos more quickly than the average toddler.